This page shows you how to enable Two-Factor Authentication (2FA) on your DNAnexus account. Two-Factor Authentication is an easy-to-use system that allows you to add an extra layer of security protecting the data stored on the DNAnexus platform.

After enabling Two-Factor Authentication, in addition to entering your username and password at login, you will also be required to enter a two-factor authentication code to access your account. This code is generated by a third-party two-factor authentication application (i.e. Google Authenticator) and is a time-based one-time password that will only be valid for that login session.

With Two-Factor Authentication protecting your account, your data will be protected even in the case that both your username and password are stolen. The attacker will be unable to access your account without your two-factor authentication code which is generated on your smartphone or computer.

Enabling Two-Factor Authentication

To enable Two-Factor Authentication, go to your Profile page (top-righthand corner of the web platform) and at the bottom of the User Account tab in Security Settings you will see the option to turn on Two-Factor Authentication.

From there, you will need to acquire a third-party Time-based One-Time Password (TOTP) application, like Google Authenticator on smartphones, and link it to your DNAnexus account. See Note below for more information.

You can link the application using the QR code provided, or by manually entering the smart key into your application. The TOTP application will automatically generate an authentication code that changes periodically (every 30 seconds for Google Authenticator) which you will use in conjunction with your password to log into your account.

After sucessfully enabling Two-Factor Authentication, you will be redirected to a page containing back-up codes which can be used in place of an application-generated two-factor authentication code. We recommend you save these codes in a secure place in case you are unable to access your authentication application.

Note: We recommend using Google Authenticator on your mobile device. It's a popular, free solution available on Apple iOS and Android mobile devices. Get it on Google Play or from the Apple iTunes App Store.
We currently do not support sending authentication codes via text message (SMS). If you are unable to use a smart phone application, compatible Two-Factor Authentication Apps, which use the TOTP (Time-based One-time Password) algorithm, exist for other platforms. Let us know if you have a favorite app or other feedback about using this feature by contacting Support.

Usage

Once Two-Factor Authentication is enabled on your account, you will be required to enter the application-generated two-factor authentication code in addition to your username and password at every login regardless if you are using the web platform or command-line interface. You will also be required to enter a code to change personal information.

Specifically, you will need a two-factor authentication code to do the following:

Access your account through DNAnexus web platform

Change your password

Change your user settings

Turn off Two-Factor Authentication

Login to your account using the DNAnexus Command Line Interface (CLI)

In the case you lose your phone or are otherwise unable to access your authenticator application, you can use the back-up codes provided when enabling Two-Factor Authentication to access your account. If this is not an option, please contact Support for further assistance.

Disabling Two-Factor Authentication

We highly recommend you protect the data you store on DNAnexus with Two-Factor Authentication. However, if you change your mind, you can always turn it off simply by going back to your Profile page and turning off Two-Factor Authentication on the User Account tab in Security Settings. You will be required to enter your password and your two-factor authentication code one more time to disable this feature.

Note: If you disable Two-Factor Authentication, then re-enable the feature, you will need to re-configure your TOTP application by scanning the new QR code or entering the new Secret Key. You will also be required to save the new back-up codes. The old back-up codes and codes generated by your previous application configuration will not be valid.